Unsolved
This post is more than 5 years old
18 Posts
0
5890
Spyware, or virus etc.? Keyboard ghost-typing on its own. Please help!
Hello everyone, I'm new to this site, and somewhat of a computer novice. Lately my computer has been making a beep when typing on email, web search engines, or even Word. Once it beeps, the keyboard either stops working, or more often it begins typing lots of characters on its own. Once this happens, it doesn't stop until I run complete scans, at which point the problem returns within a few minutes after restarting.
Very frustrating, and I'm at a loss for how to get rid of this, as well as how it might have become infected in the first place. I ran ComboFix for the first time, and can provide a log if necessary. Any help would be much appreciated. Thanks in advance.
Also, I ran MalwareBytes before, and here were the two issues it kept coming up with:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default)
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default)
kevinf80_1d0ac6
1.1K Posts
0
October 14th, 2010 03:00
I'm kevinf80 and I will be helping with any malware issues you may have with your system.
If you still need help proceed as follows please :-
Step 1
Download TFC to your desktop, from either of the following links
Link 1
Link 2
Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.
Step 2
Download OTL from any of the following links and save to your Desktop:
Link 1
Link 2
Link 3
---------------------------------------------------------------------------------------------------------------------------
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
----------------------------------------------------------------------------------------------------------------------------
Copy and paste OTL Txt and ExtrasTxt in your reply.
Step 3
Download Security Check by screen317 from HERE or HERE.
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
If you get an alert from your security when using any of the requested tools/scans please OK the alert and let them contnue.
What i`d like to see in your reply :-
Use multiple posts if necessary.
Kevin.
kevinf80_1d0ac6
1.1K Posts
0
October 15th, 2010 14:00
Hiya J.C.
you post the logs anytime your ready, i`m out most of Saturday so Sunday is good for me. I`m in the UK so if you`re anywhere else there will be a time difference, i`m sure we`ll get there in the end.
You have a great weekend too,
Kevin
BigTenGolf41
18 Posts
0
October 15th, 2010 14:00
Kevin,
Thanks so much for your generosity. Unfortunately I'm not going to be able to run through the steps above until Sunday morning or evening, but really appreciate your patience. I'll paste another reply at that time after I've had a chance to run through it.
Thanks again.
Have a great weekend,
J.C.
BigTenGolf41
18 Posts
0
October 17th, 2010 09:00
Thanks! Results of each scan separated by dollar signs ($$$$$).
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
ComboFix 10-10-16.04 - BigTenGolf41 10/17/2010 11:01:20.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1694 [GMT -4:00]
Running from: c:\users\BigTenGolf41\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.
2010-10-17 15:08 . 2010-10-17 15:08 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\temp
2010-10-17 15:08 . 2010-10-17 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-16 06:30 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDC36942-1599-4C1D-BEFF-7BE163F6E1F1}\mpengine.dll
2010-10-13 22:04 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 22:04 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 22:04 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 22:04 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 22:04 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 22:04 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 22:04 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-11 18:49 . 2008-01-02 21:33 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-09-30 01:00 . 2010-09-30 01:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-30 01:00 . 2010-09-30 01:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-30 00:39 . 2010-09-30 00:39 -------- d-----w- c:\users\BigTenGolf41\AppData\Roaming\Malwarebytes
2010-09-30 00:38 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-30 00:38 . 2010-09-30 00:38 -------- d-----w- c:\programdata\Malwarebytes
2010-09-30 00:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 00:38 . 2010-09-30 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-29 04:02 . 2010-09-29 04:02 -------- d-----w- c:\program files\Trend Micro
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\programdata\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\program files\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\Deployment
2010-09-29 02:45 . 2010-09-29 02:45 -------- d-----w- c:\program files\iPod
2010-09-29 02:42 . 2010-09-29 02:42 -------- d-----w- c:\program files\Bonjour
2010-09-28 23:51 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 23:51 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-28 00:50 . 2010-09-28 00:50 36616 ----a-w- c:\windows\system32\drivers\btcusb.sys
2010-09-28 00:50 . 2010-09-28 00:50 19464 ----a-w- c:\windows\system32\btinstall.dll
2010-09-27 12:11 . 2010-09-27 12:12 -------- d-----w- c:\program files\Apoint2K
2010-09-27 12:10 . 2010-09-27 12:10 195120 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-09-27 00:30 . 2010-09-27 11:45 -------- d-----w- c:\windows\system32\drivers\N360\0403000.005
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-09-27 204800]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-06-23 314224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-09-29 03:56 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-03 03:53 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 16:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 21:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2010-08-30 12:45 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-166987707-3047939459-2013589854-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-03 30192]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101015.003\IDSvix86.sys [2010-10-13 353840]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
--- Other Services/Drivers In Memory ---
*Deregistered* - EraserUtilDrv11010
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-10-12 c:\windows\Tasks\Norton Internet Security - BigTenGolf41 - Full System Scan.job
- c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-09-27 19:24]
2010-10-12 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - BigTenGolf41.job
- c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-09-27 19:24]
2010-10-17 c:\windows\Tasks\User_Feed_Synchronization-{A9AB9970-417F-4715-8739-10288CB28DDD}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = *.local
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,7b,d0,da,ff,6d,9b,42,85,b6,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,7b,d0,da,ff,6d,9b,42,85,b6,a7,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5380)
c:\windows\system32\ieframe.dll
c:\windows\system32\QUtil.dll
.
Completion time: 2010-10-17 11:12:09
ComboFix-quarantined-files.txt 2010-10-17 15:12
ComboFix2.txt 2010-10-11 22:59
ComboFix3.txt 2010-10-11 18:32
Pre-Run: 44,475,904,000 bytes free
Post-Run: 44,481,388,544 bytes free
- - End Of File - - C25B4E2C54442D5B51C90CB28BE67845
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
OTL logfile created on: 10/17/2010 10:48:35 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\BigTenGolf41\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.74 Gb Total Space | 38.90 Gb Free Space | 28.45% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.94 Gb Free Space | 50.58% Space Free | Partition Type: NTFS
Computer Name: JCPULSEJC | User Name: BigTenGolf41 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010/10/17 10:46:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\BigTenGolf41\Desktop\OTL.com
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe
PRC - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/02/16 09:35:29 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/11/12 07:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/08/28 01:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 15:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/03 13:37:04 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
========== Modules (SafeList) ==========
MOD - [2010/10/17 10:46:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\BigTenGolf41\Desktop\OTL.com
MOD - [2010/09/20 15:26:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2009/07/12 03:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 03:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010/09/28 23:56:36 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/11/02 23:53:44 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093009-130223)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2009/06/23 17:23:48 | 000,600,944 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/02/16 09:35:29 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 07:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/05/31 11:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 11:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/03/21 15:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/10/13 15:59:29 | 000,353,840 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101015.003\IDSvix86.sys -- (IDSVix86)
DRV - [2010/10/02 14:36:20 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101016.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/02 14:36:20 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20101016.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/27 20:50:37 | 000,036,616 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2010/09/27 08:10:53 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010/08/31 18:57:04 | 000,692,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/06/21 18:38:11 | 000,320,288 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2010/06/21 18:36:07 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2010/06/20 21:03:24 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/20 01:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/06 00:01:59 | 000,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2010/04/29 01:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 23:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 22:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 22:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0403000.005\ccHPx86.sys -- (ccHP)
DRV - [2010/02/03 21:40:47 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS -- (SymDS)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/06/03 11:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 11:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/12/09 15:26:50 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2008/12/05 02:25:38 | 000,112,640 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/06/25 12:25:24 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/25 12:23:10 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/06/25 12:22:20 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/02/29 12:12:34 | 000,037,008 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 12:12:28 | 000,035,472 | ---- | M] (Logicool, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/16 17:16:22 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/02/16 17:16:22 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/02/16 17:16:22 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/02 17:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/12/04 17:10:30 | 000,016,640 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007/11/12 07:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/17 08:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/06 12:43:26 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/06 12:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 12:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 12:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 01:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/10 12:08:48 | 000,024,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2007/06/27 11:42:32 | 000,073,856 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmx00.sys -- (SWMX00) Sierra Wireless USB MUX Driver (#00)
DRV - [2007/06/27 11:41:46 | 000,101,248 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWNC5E00.sys -- (SWNC5E00) Sierra Wireless MUX NDIS Driver (#00)
DRV - [2006/11/06 21:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/06 19:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/11/06 19:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2004/03/25 20:37:08 | 000,052,384 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabbus.sys -- (slabbus) CP2101 USB Composite Device driver (WDM)
DRV - [2004/03/25 20:36:48 | 000,084,512 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\slabser.sys -- (slabser)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/06/27 19:07:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/06/20 21:05:15 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010/10/11 14:28:20 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell PC TuneUp Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100429 -Mozilla\4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident\4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C) File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (Reg Error: Key error.)
O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab (LogMeIn Rescue Applet Downloader)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\BigTenGolf41\Pictures\J.C.'s Odds & Ends\Personal\Cody (smiling).jpg
O24 - Desktop BackupWallPaper: C:\Users\BigTenGolf41\Pictures\J.C.'s Odds & Ends\Personal\Cody (smiling).jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2010/10/17 10:46:28 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\BigTenGolf41\Desktop\OTL.com
[2010/10/17 10:26:46 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\BigTenGolf41\Desktop\TFC.exe
[2010/10/13 18:04:23 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/13 18:04:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/13 18:03:52 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/13 18:03:47 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/10/13 18:03:47 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/10/13 18:03:47 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/13 18:03:47 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/13 18:03:47 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/10/13 18:03:46 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/10/13 18:03:46 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/10/13 18:03:46 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/13 18:03:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/10/13 18:03:46 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/10/13 18:03:46 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/10/13 18:03:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/10/13 18:03:46 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/10/13 18:03:46 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/10/13 18:03:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/10/13 18:03:46 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/10/13 18:03:46 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/10/13 18:03:44 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/13 18:03:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/13 18:03:42 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/13 18:03:40 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/13 18:03:37 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/11 18:59:45 | 000,000,000 | ---D | C] -- C:\Users\BigTenGolf41\AppData\Local\temp
[2010/10/11 18:58:06 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/10/11 18:44:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/11 14:49:50 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxres.dll
[2010/10/11 14:17:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/11 14:17:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/11 14:17:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/11 14:17:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/11 14:16:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/29 21:00:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/29 21:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/09/29 20:39:42 | 000,000,000 | ---D | C] -- C:\Users\BigTenGolf41\AppData\Roaming\Malwarebytes
[2010/09/29 20:38:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/29 20:38:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/29 20:38:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/29 20:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/29 00:02:18 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/29 00:01:28 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/09/28 23:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2010/09/28 23:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2010/09/28 23:56:34 | 000,000,000 | ---D | C] -- C:\Users\BigTenGolf41\AppData\Local\Citrix
[2010/09/28 23:56:19 | 000,000,000 | ---D | C] -- C:\Users\BigTenGolf41\AppData\Local\Deployment
[2010/09/28 22:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/28 22:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/09/28 19:51:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/09/27 20:50:37 | 000,036,616 | ---- | C] (IVT Corporation.) -- C:\Windows\System32\drivers\btcusb.sys
[2010/09/27 20:50:37 | 000,019,464 | ---- | C] (IVT Corporation.) -- C:\Windows\System32\btinstall.dll
[2010/09/27 08:11:53 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint2K
[2010/09/27 08:10:53 | 000,195,120 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys
========== Files - Modified Within 30 Days ==========
[2010/10/17 10:50:17 | 000,000,406 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9AB9970-417F-4715-8739-10288CB28DDD}.job
[2010/10/17 10:49:33 | 002,203,360 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\Cat.DB
[2010/10/17 10:46:33 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\BigTenGolf41\Desktop\OTL.com
[2010/10/17 10:38:44 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 10:38:43 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/17 10:38:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/17 10:38:06 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/17 10:32:44 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/10/17 10:26:51 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\BigTenGolf41\Desktop\TFC.exe
[2010/10/14 22:04:53 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/10/14 22:04:53 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/10/13 18:28:57 | 000,313,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/11 20:00:00 | 000,000,614 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - BigTenGolf41.job
[2010/10/11 20:00:00 | 000,000,488 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - BigTenGolf41 - Full System Scan.job
[2010/10/11 14:28:20 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/11 14:14:24 | 003,876,948 | R--- | M] () -- C:\Users\BigTenGolf41\Desktop\ComboFix.exe
[2010/10/03 20:35:51 | 000,165,115 | ---- | M] () -- C:\Users\BigTenGolf41\Desktop\Malware.docx
[2010/10/02 22:30:49 | 000,001,900 | ---- | M] () -- C:\Users\BigTenGolf41\Desktop\HijackThis.lnk
[2010/09/29 21:01:06 | 000,001,073 | ---- | M] () -- C:\Users\BigTenGolf41\Desktop\Spybot - Search & Destroy.lnk
[2010/09/29 20:38:56 | 000,000,838 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/28 23:57:28 | 000,001,356 | ---- | M] () -- C:\Users\BigTenGolf41\AppData\Local\d3d9caps.dat
[2010/09/28 22:46:11 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/27 20:50:37 | 000,036,616 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\drivers\btcusb.sys
[2010/09/27 20:50:37 | 000,019,464 | ---- | M] (IVT Corporation.) -- C:\Windows\System32\btinstall.dll
[2010/09/27 08:10:53 | 001,419,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WdfCoInstaller01005.dll
[2010/09/27 08:10:53 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys
[2010/09/27 08:10:53 | 000,108,478 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\Vxdif.dll
[2010/09/27 08:02:18 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2010/09/27 07:50:03 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2010/09/20 18:03:18 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\N360\0403000.005\isolate.ini
========== Files Created - No Company Name ==========
[2010/10/11 14:17:30 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/11 14:17:30 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/11 14:17:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/11 14:17:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/11 14:17:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/11 14:14:14 | 003,876,948 | R--- | C] () -- C:\Users\BigTenGolf41\Desktop\ComboFix.exe
[2010/10/03 20:35:50 | 000,165,115 | ---- | C] () -- C:\Users\BigTenGolf41\Desktop\Malware.docx
[2010/10/02 22:30:49 | 000,001,900 | ---- | C] () -- C:\Users\BigTenGolf41\Desktop\HijackThis.lnk
[2010/09/30 20:40:30 | 000,000,406 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{A9AB9970-417F-4715-8739-10288CB28DDD}.job
[2010/09/29 21:01:06 | 000,001,073 | ---- | C] () -- C:\Users\BigTenGolf41\Desktop\Spybot - Search & Destroy.lnk
[2010/09/29 20:38:56 | 000,000,838 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/29 00:10:00 | 3210,784,768 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/28 22:46:11 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/09/27 08:02:18 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\PowerSuite.lnk
[2010/09/14 22:31:20 | 000,000,120 | ---- | C] () -- C:\Users\BigTenGolf41\AppData\Local\Jfuwipokidupap.dat
[2010/09/14 22:31:20 | 000,000,000 | ---- | C] () -- C:\Users\BigTenGolf41\AppData\Local\Ewobofivutamux.bin
[2010/01/03 22:17:05 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2010/01/03 22:17:05 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2010/01/03 22:17:05 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2010/01/03 22:17:05 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/01 18:15:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/06/30 21:57:45 | 000,938,328 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2009/06/30 21:56:14 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2009/03/21 20:20:54 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008/11/12 19:46:52 | 000,001,356 | ---- | C] () -- C:\Users\BigTenGolf41\AppData\Local\d3d9caps.dat
[2008/02/26 19:29:53 | 000,027,136 | ---- | C] () -- C:\Users\BigTenGolf41\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/16 17:16:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1253.dll
[2008/02/16 17:16:58 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/16 17:16:57 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/02/16 17:16:56 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/16 09:37:09 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/02/16 09:36:09 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/02/16 09:36:09 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/02/16 09:36:09 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2007/08/10 12:08:48 | 000,024,456 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 19:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/17 01:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 01:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2004/04/23 15:17:02 | 000,000,061 | ---- | C] () -- C:\Windows\System32\uninstall.ini
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2008/02/27 20:42:52 | 000,000,000 | ---D | M] -- C:\Users\BigTenGolf41\AppData\Roaming\acccore
[2010/07/04 22:21:03 | 000,000,000 | ---D | M] -- C:\Users\BigTenGolf41\AppData\Roaming\aignes
[2008/02/26 21:02:01 | 000,000,000 | ---D | M] -- C:\Users\BigTenGolf41\AppData\Roaming\DataSafeOnline
[2008/03/09 17:29:44 | 000,000,000 | ---D | M] -- C:\Users\BigTenGolf41\AppData\Roaming\HotSync
[2009/07/01 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\BigTenGolf41\AppData\Roaming\iolo
[2008/07/25 21:54:08 | 000,000,000 | ---D | M] -- C:\Users\BigTenGolf41\AppData\Roaming\Skinux
[2010/02/13 19:31:43 | 000,000,000 | ---D | M] -- C:\Users\BigTenGolf41\AppData\Roaming\SkyGolf
[2008/06/10 23:10:04 | 000,000,000 | ---D | M] -- C:\Users\BigTenGolf41\AppData\Roaming\Smith Micro
[2010/06/24 22:00:58 | 000,000,000 | ---D | M] -- C:\Users\BigTenGolf41\AppData\Roaming\System Tweaker
[2010/06/24 21:55:11 | 000,000,000 | ---D | M] -- C:\Users\BigTenGolf41\AppData\Roaming\Uniblue
[2010/10/17 10:32:43 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/10/17 10:50:17 | 000,000,406 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A9AB9970-417F-4715-8739-10288CB28DDD}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/11 18:59:43 | 000,015,516 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/02/16 17:17:10 | 000,003,767 | RH-- | M] () -- C:\dell.sdr
[2009/06/30 22:43:47 | 000,000,051 | ---- | M] () -- C:\EventLOG.txt
[2010/10/17 10:38:06 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2008/11/16 18:38:21 | 000,000,801 | -H-- | M] () -- C:\IPH.PH
[2010/06/20 18:23:24 | 000,000,990 | ---- | M] () -- C:\net_save.dna
[2010/10/17 10:38:00 | 3219,128,320 | -HS- | M] () -- C:\pagefile.sys
[2010/06/23 20:36:06 | 000,000,344 | ---- | M] () -- C:\UserChoice.reg
[2008/02/27 21:34:35 | 000,000,156 | ---- | M] () -- C:\YServer.txt
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-16 06:30:28
< End of report >
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
OTL Extras logfile created on: 10/17/2010 10:48:35 AM - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\BigTenGolf41\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.74 Gb Total Space | 38.90 Gb Free Space | 28.45% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 4.94 Gb Free Space | 50.58% Space Free | Partition Type: NTFS
Computer Name: JCPULSEJC | User Name: BigTenGolf41 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k cd "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [opennew] -- explorer %1 (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-166987707-3047939459-2013589854-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisabledInterfaces" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisabledInterfaces" =
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisabledInterfaces" =
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C50818A-E620-4496-A1E9-584EECA12818}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{0DBF2DF0-4104-4E16-8FA7-3FD09CC40ED2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1AD3047D-60D8-4D3E-BEE1-7B59C8C65D87}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{27F863BE-009C-4EDD-B51E-70CFB7FCCCE3}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{2CD89C0E-16B8-4C43-8E0C-3C7198375E53}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{3BB645E1-EDE9-468A-B891-06272B44A361}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{50C256E3-9AD0-4E06-878B-2AB2DB67FDF7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{657D26C2-DACE-4D90-B3E8-0B084051A853}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6AEC450D-17FA-4CC5-AFAF-151EA0610184}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6DED4228-B58F-4EEC-A705-75F4772DC516}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{796F13D0-F77C-4A04-953C-A7198C5D316C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8642AF11-1D2A-4E20-8E61-4601CF12A738}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{89A3EBAE-DC9A-431E-9112-93EA1BBE57CC}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{918A2219-37D6-41C1-97C5-829BDE246C00}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{9BC463C6-57CF-466D-8290-68A3ABC91524}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A5679EA3-19DB-4EA1-926F-64085B14BE0D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{AE8AAEEE-0DAB-40A8-BA10-9A3A1B010C81}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AF0FF129-3017-4A80-9768-1945CF5184AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B00A3FED-EE79-4255-8C43-396C707E1F59}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B53B6262-599B-46FB-B3BD-30F00457659E}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{C078092F-BBF7-4501-9D74-EC2B0ADD20AD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CE50363B-EBB6-43F7-AD77-C54FAADBFFA8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D9600676-3ED3-45DC-9D47-B1F8A6F09814}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{E41BAA07-63B5-42E7-AF03-837E15C4662C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E583E731-CEC5-4F5B-B4F0-C16F6CD282B2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{E6F9931C-51C2-4B34-BF7D-CC2FE66B86C0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F223B672-A22B-49DF-B348-C5A91C463A45}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FFAF3AD3-DEAD-4993-ACA1-F906381CF203}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"TCP Query User{2F43DD1F-A99A-4D14-BE17-86FCE2133465}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{325D3FB7-47C3-4F89-8796-C489FBC4A60E}C:\program files\palm\hotsync.exe" = protocol=6 | dir=in | app=c:\program files\palm\hotsync.exe |
"UDP Query User{5CBC3414-C6EC-463C-AD8D-D34CBE7DCB0E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{8B56123C-AB80-41F8-91AC-15E2D65D1206}C:\program files\palm\hotsync.exe" = protocol=17 | dir=in | app=c:\program files\palm\hotsync.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25E81740-CA17-489E-A8B6-54319A1C4D41}}_is1" = Dell PC TuneUp
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 16
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{51E7609E-F086-4ECA-9870-5B9E4E5096BD}" = Verizon Wireless USB720-V740 Firmware Updates
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793A260C-CDBF-499C-ABBA-B51E8E076867}_is1" = Uniblue PowerSuite
"{7B35D327-0607-4EED-A2E9-1312D10FD5EC}" = Verizon Wireless USB727 Firmware Updates
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CDC85536-A0EF-4401-82A6-25D8EFC7EFAC}" = VZAccess Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"aignesamdeadlink_is1" = AM-DeadLink 4.1
"AIM_6" = AIM 6
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist Corporate
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"N360" = Norton 360
"PixelPerfect_4281508C_4DA1_4d4e_81EB_725D55EC30DC_is1" = Uniblue PixelPerfect
"PokerStars" = PokerStars
"SkyCaddieDesktop" = SkyCaddie Desktop
"System Tweaker_is1" = Uniblue System Tweaker
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 6/20/2010 6:23:33 PM | Computer Name = JCpulseJC | Source = MsiInstaller | ID = 11706
Description =
Error - 6/20/2010 6:39:10 PM | Computer Name = JCpulseJC | Source = EventSystem | ID = 4621
Description =
Error - 6/20/2010 6:41:31 PM | Computer Name = JCpulseJC | Source = MsiInstaller | ID = 11706
Description =
Error - 6/20/2010 7:07:30 PM | Computer Name = JCpulseJC | Source = MSSOAP | ID = 16
Description = Soap error: Host not found..
Error - 6/20/2010 7:07:30 PM | Computer Name = JCpulseJC | Source = MSSOAP | ID = 16
Description = Soap error: Unspecified HTTP error..
Error - 6/20/2010 7:07:30 PM | Computer Name = JCpulseJC | Source = MSSOAP | ID = 16
Description = Soap error: XML Parser failed at linenumber 1, lineposition 0, reason
is: System error: -2146822888. .
Error - 6/20/2010 7:48:49 PM | Computer Name = JCpulseJC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module IEShims.dll, version 8.0.6001.18904, time stamp 0x4b8376f0,
exception code 0xc0000005, fault offset 0x00021e16, process id 0x1780, application
start time 0x01cb10d3212344fd.
Error - 6/20/2010 8:49:57 PM | Computer Name = JCpulseJC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 8.0.6001.18904 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: f68 Start Time: 01cb10da80a66ccd Termination Time: 33
Error - 6/20/2010 8:59:07 PM | Computer Name = JCpulseJC | Source = MsiInstaller | ID = 11706
Description =
Error - 6/20/2010 9:04:33 PM | Computer Name = JCpulseJC | Source = MsiInstaller | ID = 11706
Description =
[ Broadcom Wireless LAN Events ]
Error - 4/23/2008 8:27:23 PM | Computer Name = JCpulseJC | Source = WLAN-Tray | ID = 0
Description = 20:27:21, Wed, Apr 23, 08 Error - Unable to gain access to user store
Error - 5/30/2008 7:56:42 PM | Computer Name = JCpulseJC | Source = WLAN-Tray | ID = 0
Description = 19:56:42, Fri, May 30, 08 Error - Unable to gain access to user store
Error - 8/1/2008 8:54:19 PM | Computer Name = JCpulseJC | Source = WLAN-Tray | ID = 0
Description = 20:54:19, Fri, Aug 01, 08 Error - Unable to gain access to user store
Error - 11/29/2008 6:37:06 PM | Computer Name = JCpulseJC | Source = WLAN-Tray | ID = 0
Description = 17:37:06, Sat, Nov 29, 08 Error - Unable to gain access to user store
Error - 12/7/2008 5:06:37 PM | Computer Name = JCPULSEJC | Source = WLAN-Tray | ID = 0
Description = 16:06:37, Sun, Dec 07, 08 Error - Unable to gain access to user store
Error - 3/29/2009 4:28:42 PM | Computer Name = JCpulseJC | Source = WLAN-Tray | ID = 0
Description = 16:28:41, Sun, Mar 29, 09 Error - Unable to gain access to user store
Error - 9/3/2009 6:46:12 PM | Computer Name = JCpulseJC | Source = WLAN-Tray | ID = 0
Description = 18:46:12, Thu, Sep 03, 09 Error - Unable to gain access to user store
Error - 1/19/2010 9:31:12 PM | Computer Name = JCPULSEJC | Source = WLAN-Tray | ID = 0
Description = 20:31:12, Tue, Jan 19, 10 Error - Unable to gain access to user store
[ System Events ]
Error - 10/16/2010 2:32:44 AM | Computer Name = JCpulseJC | Source = DCOM | ID = 10005
Description =
Error - 10/16/2010 10:15:56 AM | Computer Name = JCpulseJC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.227 for the Network Card with network
address 001E4CC45F51 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 10/16/2010 10:24:22 AM | Computer Name = JCpulseJC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.233 for the Network Card with network
address 001E4CC45F51 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 10/16/2010 8:00:57 PM | Computer Name = JCpulseJC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.234 for the Network Card with network
address 001E4CC45F51 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 10/17/2010 9:07:58 AM | Computer Name = JCpulseJC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.236 for the Network Card with network
address 001E4CC45F51 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 10/17/2010 9:48:27 AM | Computer Name = JCpulseJC | Source = Service Control Manager | ID = 7024
Description =
Error - 10/17/2010 9:48:27 AM | Computer Name = JCpulseJC | Source = Service Control Manager | ID = 7031
Description =
Error - 10/17/2010 10:27:30 AM | Computer Name = JCpulseJC | Source = Service Control Manager | ID = 7034
Description =
Error - 10/17/2010 10:38:59 AM | Computer Name = JCpulseJC | Source = Service Control Manager | ID = 7000
Description =
Error - 10/17/2010 10:42:32 AM | Computer Name = JCpulseJC | Source = Service Control Manager | ID = 7001
Description =
< End of report >
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java(TM) 6 Update 16
Java(TM) SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player
Adobe Reader 8.2.5
Japanese Fonts Support For Adobe Reader 8
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Windows Defender MSASCui.exe
Spybot Teatimer.exe is disabled!
Windows Defender MSASCui.exe
iolo common lib ioloServiceManager.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
kevinf80_1d0ac6
1.1K Posts
0
October 17th, 2010 14:00
I do not see any obvious infection in your logs from Combofix or OTL. There must have been an infection present at some point that was caught and cleaned. The following remnants are still onboard:
C:\Users\BigTenGolf41\AppData\Local\Jfuwipokidupap.dat
C:\Users\BigTenGolf41\AppData\Local\Ewobofivutamux.bin
The Combofix log you have presented is actually from the third run of Combofix, I`d like to see the other two logs please. They will be in C:\Qoobox and listed as Combofix?txt where ? will be a number
You`ll have noticed from Security Checks that your Java is outdated, you are currently running Version 6 update 16. Version 6 update 22 is the most current.
You will have to uninstall Java(TM) SE Runtime Environment 6 manually, update 16 will be automatically removed when you update.
Post the two previous logs from Combofix in next reply please.
Kevin
BigTenGolf41
18 Posts
0
October 18th, 2010 19:00
Thanks. Should I remove those two infected files somehow? Here are all Combo Fix logs from my machine:
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
ComboFix 10-10-16.04 - BigTenGolf41 10/17/2010 11:01:20.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1694 [GMT -4:00]
Running from: c:\users\BigTenGolf41\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.
2010-10-17 15:08 . 2010-10-17 15:08 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\temp
2010-10-17 15:08 . 2010-10-17 15:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-16 06:30 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDC36942-1599-4C1D-BEFF-7BE163F6E1F1}\mpengine.dll
2010-10-13 22:04 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-13 22:04 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-13 22:04 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-13 22:04 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-13 22:04 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-13 22:04 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-13 22:04 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-11 18:49 . 2008-01-02 21:33 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-09-30 01:00 . 2010-09-30 01:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-30 01:00 . 2010-09-30 01:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-30 00:39 . 2010-09-30 00:39 -------- d-----w- c:\users\BigTenGolf41\AppData\Roaming\Malwarebytes
2010-09-30 00:38 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-30 00:38 . 2010-09-30 00:38 -------- d-----w- c:\programdata\Malwarebytes
2010-09-30 00:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 00:38 . 2010-09-30 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-29 04:02 . 2010-09-29 04:02 -------- d-----w- c:\program files\Trend Micro
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\programdata\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\program files\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\Deployment
2010-09-29 02:45 . 2010-09-29 02:45 -------- d-----w- c:\program files\iPod
2010-09-29 02:42 . 2010-09-29 02:42 -------- d-----w- c:\program files\Bonjour
2010-09-28 23:51 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 23:51 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-28 00:50 . 2010-09-28 00:50 36616 ----a-w- c:\windows\system32\drivers\btcusb.sys
2010-09-28 00:50 . 2010-09-28 00:50 19464 ----a-w- c:\windows\system32\btinstall.dll
2010-09-27 12:11 . 2010-09-27 12:12 -------- d-----w- c:\program files\Apoint2K
2010-09-27 12:10 . 2010-09-27 12:10 195120 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-09-27 00:30 . 2010-09-27 11:45 -------- d-----w- c:\windows\system32\drivers\N360\0403000.005
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-09-27 204800]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-06-23 314224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-09-29 03:56 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-03 03:53 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 16:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 21:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2010-08-30 12:45 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-166987707-3047939459-2013589854-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-03 30192]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101015.003\IDSvix86.sys [2010-10-13 353840]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
--- Other Services/Drivers In Memory ---
*Deregistered* - EraserUtilDrv11010
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-10-12 c:\windows\Tasks\Norton Internet Security - BigTenGolf41 - Full System Scan.job
- c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-09-27 19:24]
2010-10-12 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - BigTenGolf41.job
- c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-09-27 19:24]
2010-10-17 c:\windows\Tasks\User_Feed_Synchronization-{A9AB9970-417F-4715-8739-10288CB28DDD}.job
- c:\windows\system32\msfeedssync.exe [2010-10-13 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = *.local
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,7b,d0,da,ff,6d,9b,42,85,b6,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,7b,d0,da,ff,6d,9b,42,85,b6,a7,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(5380)
c:\windows\system32\ieframe.dll
c:\windows\system32\QUtil.dll
.
Completion time: 2010-10-17 11:12:09
ComboFix-quarantined-files.txt 2010-10-17 15:12
ComboFix2.txt 2010-10-11 22:59
ComboFix3.txt 2010-10-11 18:32
Pre-Run: 44,475,904,000 bytes free
Post-Run: 44,481,388,544 bytes free
- - End Of File - - C25B4E2C54442D5B51C90CB28BE67845
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
ComboFix 10-10-11.01 - BigTenGolf41 10/11/2010 18:47:04.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1806 [GMT -4:00]
Running from: c:\users\BigTenGolf41\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
.
2010-10-11 22:55 . 2010-10-11 22:56 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\temp
2010-10-11 22:55 . 2010-10-11 22:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-11 18:49 . 2008-01-02 21:33 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-10-09 16:00 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{804E8CA2-1871-49FF-BCDA-9802111A061F}\mpengine.dll
2010-09-30 01:00 . 2010-09-30 01:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-30 01:00 . 2010-09-30 01:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-30 00:39 . 2010-09-30 00:39 -------- d-----w- c:\users\BigTenGolf41\AppData\Roaming\Malwarebytes
2010-09-30 00:38 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-30 00:38 . 2010-09-30 00:38 -------- d-----w- c:\programdata\Malwarebytes
2010-09-30 00:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 00:38 . 2010-09-30 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-29 04:02 . 2010-09-29 04:02 -------- d-----w- c:\program files\Trend Micro
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\programdata\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\program files\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\Deployment
2010-09-29 02:45 . 2010-09-29 02:45 -------- d-----w- c:\program files\iPod
2010-09-29 02:42 . 2010-09-29 02:42 -------- d-----w- c:\program files\Bonjour
2010-09-28 23:51 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 23:51 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-28 00:50 . 2010-09-28 00:50 36616 ----a-w- c:\windows\system32\drivers\btcusb.sys
2010-09-28 00:50 . 2010-09-28 00:50 19464 ----a-w- c:\windows\system32\btinstall.dll
2010-09-27 12:11 . 2010-09-27 12:12 -------- d-----w- c:\program files\Apoint2K
2010-09-27 12:10 . 2010-09-27 12:10 195120 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-09-27 00:30 . 2010-09-27 11:45 -------- d-----w- c:\windows\system32\drivers\N360\0403000.005
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-09-15 02:31 . 2010-09-15 02:31 0 ----a-w- c:\users\BigTenGolf41\AppData\Local\Ewobofivutamux.bin
2010-09-15 01:19 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 01:19 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 01:19 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 01:19 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-15 01:19 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2010-08-30 67448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-09-27 204800]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-06-23 314224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-09-29 03:56 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-03 03:53 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 16:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 21:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2010-08-30 12:45 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-166987707-3047939459-2013589854-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-03 30192]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101008.002\IDSvix86.sys [2010-09-15 353840]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-20 102448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-10-05 c:\windows\Tasks\Norton Internet Security - BigTenGolf41 - Full System Scan.job
- c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-09-27 19:24]
2010-10-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - BigTenGolf41.job
- c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-09-27 19:24]
2010-10-11 c:\windows\Tasks\User_Feed_Synchronization-{A9AB9970-417F-4715-8739-10288CB28DDD}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = *.local
DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} - hxxps://secure.logmeinrescue.com/Customer/x86/RescueDownloader.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,7b,d0,da,ff,6d,9b,42,85,b6,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,7b,d0,da,ff,6d,9b,42,85,b6,a7,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(7640)
c:\windows\System32\netshell.dll
.
Completion time: 2010-10-11 18:59:41
ComboFix-quarantined-files.txt 2010-10-11 22:59
ComboFix2.txt 2010-10-11 18:32
Pre-Run: 41,896,763,392 bytes free
Post-Run: 41,904,537,600 bytes free
- - End Of File - - 007C1FF0D3477D4CAF69CB2FC83CCAAB
$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$
ComboFix 10-10-11.01 - BigTenGolf41 10/11/2010 14:20:02.1.2 - x86
Running from: c:\users\BigTenGolf41\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\BigTenGolf41\AppData\Local\{B67D0809-1FD8-4536-91D0-CCE2C0644C13}
c:\users\BigTenGolf41\AppData\Local\{B67D0809-1FD8-4536-91D0-CCE2C0644C13}\chrome.manifest
c:\users\BigTenGolf41\AppData\Local\{B67D0809-1FD8-4536-91D0-CCE2C0644C13}\chrome\content\_cfg.js
c:\users\BigTenGolf41\AppData\Local\{B67D0809-1FD8-4536-91D0-CCE2C0644C13}\chrome\content\overlay.xul
c:\users\BigTenGolf41\AppData\Local\{B67D0809-1FD8-4536-91D0-CCE2C0644C13}\install.rdf
c:\users\BigTenGolf41\GoToAssistDownloadHelper.exe
c:\windows\system32\uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2010-09-11 to 2010-10-11 )))))))))))))))))))))))))))))))
.
2010-10-11 18:28 . 2010-10-11 18:28 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\temp
2010-10-11 18:28 . 2010-10-11 18:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-09 16:00 . 2010-09-09 22:52 6084944 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{804E8CA2-1871-49FF-BCDA-9802111A061F}\mpengine.dll
2010-09-30 01:00 . 2010-09-30 01:43 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-30 01:00 . 2010-09-30 01:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-30 00:39 . 2010-09-30 00:39 -------- d-----w- c:\users\BigTenGolf41\AppData\Roaming\Malwarebytes
2010-09-30 00:38 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-30 00:38 . 2010-09-30 00:38 -------- d-----w- c:\programdata\Malwarebytes
2010-09-30 00:38 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-30 00:38 . 2010-09-30 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-29 04:02 . 2010-09-29 04:02 -------- d-----w- c:\program files\Trend Micro
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\programdata\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\program files\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\Citrix
2010-09-29 03:56 . 2010-09-29 03:56 -------- d-----w- c:\users\BigTenGolf41\AppData\Local\Deployment
2010-09-29 02:45 . 2010-09-29 02:45 -------- d-----w- c:\program files\iPod
2010-09-29 02:42 . 2010-09-29 02:42 -------- d-----w- c:\program files\Bonjour
2010-09-28 23:51 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 23:51 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-09-28 00:50 . 2010-09-28 00:50 36616 ----a-w- c:\windows\system32\drivers\btcusb.sys
2010-09-28 00:50 . 2010-09-28 00:50 19464 ----a-w- c:\windows\system32\btinstall.dll
2010-09-27 12:11 . 2010-09-27 12:12 -------- d-----w- c:\program files\Apoint2K
2010-09-27 12:10 . 2010-09-27 12:10 195120 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-09-27 00:30 . 2010-09-27 11:45 -------- d-----w- c:\windows\system32\drivers\N360\0403000.005
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2010-09-17 03:31 . 2010-09-17 03:31 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2010-09-15 02:31 . 2010-09-15 02:31 0 ----a-w- c:\users\BigTenGolf41\AppData\Local\Ewobofivutamux.bin
2010-09-15 01:19 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 01:19 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 01:19 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 01:19 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-15 01:19 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"PowerSuite"="c:\program files\Uniblue\PowerSuite\launcher.exe" [2010-08-30 67448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2010-09-27 204800]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
"Dell PC TuneUp Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-06-23 314224]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 133656]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2010-09-29 03:56 13672 ----a-w- c:\program files\Citrix\GoToAssist\615\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 14:55 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2007-05-25 06:03 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-11-03 03:53 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 16:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-11-01 21:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2010-08-30 12:45 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-166987707-3047939459-2013589854-1000]
"EnableNotificationsRef"=dword:00000001
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-03 30192]
R3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]
S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101001.001\BHDrvx86.sys [2010-08-31 692272]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2008-12-09 20392]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20101008.002\IDSvix86.sys [2010-09-15 353840]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-06-23 600944]
S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-06-20 102448]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-12-05 112640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-10-05 c:\windows\Tasks\Norton Internet Security - BigTenGolf41 - Full System Scan.job
- c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-09-27 19:24]
2010-10-05 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - BigTenGolf41.job
- c:\program files\Norton 360\Engine\4.3.0.5\navw32.exe [2010-09-27 19:24]
2010-10-11 c:\windows\Tasks\User_Feed_Synchronization-{A9AB9970-417F-4715-8739-10288CB28DDD}.job
- c:\windows\system32\msfeedssync.exe [2010-08-13 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://espn.go.com/
uInternet Settings,ProxyOverride = *.local
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Ihudub - c:\users\BigTenGolf41\AppData\Local\unalozikequwam.dll
AddRemove-SLABCOMM - c:\windows\system32\uninstall.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,7b,d0,da,ff,6d,9b,42,85,b6,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b7,7b,d0,da,ff,6d,9b,42,85,b6,a7,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-11 14:32:01
ComboFix-quarantined-files.txt 2010-10-11 18:32
Pre-Run: 42,038,231,040 bytes free
Post-Run: 41,991,450,624 bytes free
- - End Of File - - 19F91B2980DE24A222EF7D4F5A7CE806
kevinf80_1d0ac6
1.1K Posts
0
October 19th, 2010 03:00
You`ve posted run three of CF again, doesn`t really matter I dont see any significant malware. OK lets get rid of those two files Imentioned earlier. As follows please :-
Step 1
Please download OTM by OldTimer.
Alternative Mirror
Save it to your desktop.
Double click OTM.exe to start the tool.
-------------------------------------------------------------------
:Processes
:Reg
:Services
:Files
ipconfig /flushdns /c
C:\Users\BigTenGolf41\AppData\Local\Jfuwipokidupap.dat
C:\Users\BigTenGolf41\AppData\Local\Ewobofivutamux.bin
:Commands
[CreateRestorePoint]
[EmptyFlash]
[EmptyTemp]
[ResetHosts]
---------------------------------------------------------------------
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
If the machine reboots, the Results log can be found here:
c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss is the date of the tool run.
Step 2
Run ESET Online Scan
You can refer to this animation by neomage if needed.
Frequently asked questions available Here
Post logs from OTM and ESET, also give system review, improvemnts? issues?
Kevin
BigTenGolf41
18 Posts
0
October 19th, 2010 21:00
Hi Kevin,
I ran both files/scans, and have pasted the OTM log below. The ESET scan came up with no threats found, and therefore didn't provide the option of saving the results as a text file. I will try normal use in my machine of the next day or so and report back with any improvements, issues, etc. As of last night, it was still acting up (ghost typing, then no keyboard upon restart).
-----
All processes killed
========== PROCESSES ==========
========== REGISTRY ==========
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\BigTenGolf41\Desktop\cmd.bat deleted successfully.
C:\Users\BigTenGolf41\Desktop\cmd.txt deleted successfully.
File/Folder C:\Users\BigTenGolf41\AppData\Local\Jfuwipokidupap.dat not found.
File/Folder C:\Users\BigTenGolf41\AppData\Local\Ewobofivutamux.bin not found.
========== COMMANDS ==========
Restore point Set: OTM Restore Point
[EMPTYTEMP]
User: All Users
User: BigTenGolf41
->Temp folder emptied: 192121 bytes
->Temporary Internet Files folder emptied: 3666693 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 653 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 266632 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 82054 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTM by OldTimer - Version 3.1.16.1 log created on 10192010_204537
Files moved on Reboot...
File C:\Windows\temp\fb_884.lck not found!
Registry entries deleted on Reboot...
kevinf80_1d0ac6
1.1K Posts
0
October 20th, 2010 01:00
Hiya JC,
I`m not convinced this is a malware issue, your logs dont indicate anything untoward. See if there is a driver update for your keyboard from the Dell site
http://search.dell.com/results.aspx?c=us&l=en&cat=all&k=drivers
Keep me informed please..
Kevin
BigTenGolf41
18 Posts
0
October 21st, 2010 06:00
Thanks Kev. There wasn't a driver update specific to the keyboard, but there were 18 other "recommended" updates from Dell that I downloaded. When I revisit the site, I'm not sure why they still show as "recommended" as I installed each of them. I also ran a PSA Diagnostics test at start-up, but it found no errors.
I attempted to reply to this thread last night, only to have the machine start ghost-typing again. In other words, after typing a few words, the machine made a prolonged 5 second beep, and spat out characters that looked something like "fwesdkjnf323asadnsd..." That's not the exact characters, but I think you know what I'm saying.
When I restarted the machine the keyboard didn't work. This happens each time following the ghost-typing, and requires another restart or two to get the keyboard back working again.
The machine works fine otherwise, but I just have to avoid typing emails, search boxes, threads like this, etc.
I'm wondering if you think I should take my machine to a local repair shop, or if I should try a system restore.
BTW, I really appreciate all of your time devoted to my problem. It's certainly not for lack of trying, and I'm thankful to have your advice and knowledge.
Thanks in advance,
J.C.
kevinf80_1d0ac6
1.1K Posts
0
October 21st, 2010 13:00
Hiya JC,
Couple of things to try. If you have voice/speech recognition software, turn it off. Try a different keyboard. A search in Google for your problem turns those two as the most common reasons.
Let me know how you get on,
Kevin
BigTenGolf41
18 Posts
0
October 21st, 2010 21:00
Inoperable Hardware Devices
Problem: Norton 360 has detected inoperable hardware devices.
Recommendation: You may want to configure these hardware devices. Run Device Manager to properly configure hardware devices.
Take Action: Run Device Manager
Hide Details
This section lists any hardware devices that are not working.
kevinf80_1d0ac6
1.1K Posts
0
October 22nd, 2010 02:00
Regarding the information you`ve just posted about 6TO4 adpaptor, have a read Here look at the reply by Michael Murphy with information supplied via Lionel Chen.
Back to your Keyboard, go here http://www.passmark.com/products/keytest.htm Its a 30 day trial but should suit the purpose. Check everything works OK (the correct key lights up on screen and no multiple keys light up for a single key press).
As i stated in my last reply, swapping out the keyboard is also a good check to do, also if using a USB keyboard try a PS2 keyboard or vice versa.
Let me know how you get on,
Kevin
BigTenGolf41
18 Posts
0
October 22nd, 2010 07:00
Thanks Kevin. I'll take a look over the weekend. I pasted the post last night after the keyboard stopped working, and also started ghost-typing again. It's happening much more frequently now, and this time hasn't come back on after restarting twice. I ran a Norton 360 diagnostic, and it told me to fix the errors above via the Device Manager. Unfortunately it didn't give any instructions on how to locate and fix the problems within Device Manager.
Thanks again.
kevinf80_1d0ac6
1.1K Posts
0
October 22nd, 2010 08:00
Hiya JC,
Take your time no rush my friend, I check in every day. Let me know how you get on. I`m confident we`re not dealing with a malware issue, i`m almost certain its a Hardware or ancillary issue, keyboard, cable connector etc.
Kevin